[Owasp-board] AppSecUSA 2010 Profit Sharing Split

Eoin eoin.keary at owasp.org
Tue Mar 22 00:19:27 UTC 2011


Mark, issues which affect the bottom line of the foundation need board
involvement I would think.
Behaviour is Improper, no, but not in the Spirit of the organisation either.

I am also organising the AppSEC EU conference so I do have some skin in the
game here regardless of my membership of the board.


On 21 March 2011 23:55, Mark Bristow <mark.bristow at owasp.org> wrote:

> <Mark hat on>
> Eoin I for the most part personally agree with your sentiments, although I
> don't believe that the leaders involved are acting in an "improper" way, as
> chapter leaders, they are responsible to do what they think is best
> for their chapter.  It's the responsibility of the committees/board to weigh
> that on the needs of the organization as a whole, IMO.
>
> <GCC Chair/Governance hat on>
> I'd like the opportunity for the GCC to come to it's own resolution on this
> matter and then present to the board for final review (As described in my
> initial email).  In general I feel that the committees should handle this
> sort of issue internally as possible and only involve the board if there is
> a dispute in the resolution the committee comes to.
>
>
> On Mon, Mar 21, 2011 at 7:42 PM, Eoin <eoin.keary at owasp.org> wrote:
>
>> this is crazy......... (im sorry i have t say this)
>> the funds are all owasp money.
>> feels like holding owasp to ransom tbh
>> "we will only hold the event for x $$$ usd for our chapter"...talk about
>> missing the point of OWASP in the first place.
>> Not very values driven imho.
>>
>> -ek
>>
>>
>> On 21 March 2011 19:20, Mark Bristow <mark.bristow at owasp.org> wrote:
>>
>>> Richard,
>>>
>>> Thanks for the information.  We'll take this under consideration and let
>>> you know when we present our decision to the board for review.
>>>
>>> Thanks,
>>> -Mark
>>>
>>>
>>> On Mon, Mar 21, 2011 at 3:08 PM, Richard Greenberg <
>>> richard.greenberg at owasp.org> wrote:
>>>
>>>> Folks,
>>>>
>>>> *As promised, below is the response from the OC and LA Chapters:*
>>>>
>>>> The OC and LA Chapters were extremely surprised upon hearing that the
>>>> recently adopted policies, particularly the cap, regarding conference splits
>>>> with local chapters were being used retroactively to disperse funds from
>>>> AppSec SoCal. Clearly, I don't think any members of this committee would
>>>> intentionally proceed in this fashion. I am presuming that the understanding
>>>> was that there was no other agreement in place. However, this was not
>>>> the case.
>>>>
>>>>
>>>>
>>>> You may or may not have seen the discussion threads I am including
>>>> below. They give a pretty definitive indication to the LA and OC Boards
>>>> that the agreed upon AppSec split was 25/75. However, there has been quite a
>>>> bit of discussion and some compelling thoughts on the finances of the
>>>> organization as a whole, and "the needs of the many outweigh the needs of
>>>> the few" (one of my favorite movie scenes). With that said, I am proposing
>>>> some type of compromise that would honor the pre-conference agreement and
>>>> understanding, yet not take too much of the revenue needed by OWASP, the
>>>> mothership. Rather than my stating a specific additional percentage, I am
>>>> asking the GCC to come up with a compromise figure. I think that this
>>>> is essential to honor the spirit and openness of what we are all about, and
>>>> what we stand for as an organization.
>>>>
>>>>
>>>>
>>>> As requested, a working version of AppSec USA 2010 budget is attached.
>>>> The real budget (P&L statement) resides with Alison (we left detailed
>>>> bookkeeping to Alison once we figured out that we are making a profit).
>>>>
>>>>
>>>>
>>>> The OC and LA chapters intend to use the proceeds from AppSec USA 2010
>>>> to advance the OWASP mission in OC and LA counties, in accordance with
>>>> OWASP chapter guidelines. Activities planned include, but are not
>>>> limited to, bringing in the best of class speakers to chapter meetings,
>>>> providing free or discounted training opportunities, and covering increased
>>>> venue costs when attendance exceeds current facility capacity. We also
>>>> are firm believers that our future lies with the upcoming generations, and
>>>> we intend to support local student chapters as best as we can.
>>>>
>>>>
>>>>
>>>> Keep in mind that larger cities like LA, NY and Dc have higher costs
>>>> than most of the country. The arguments that I have heard that there should
>>>> be no rich chapters aren’t really sound ones. Strong chapters are the best
>>>> allies a centralized OWASP could possibly have. Keep in mind that in
>>>> emergencies, funds can always be reclaimed from chapters.
>>>>
>>>>
>>>>
>>>> We appreciate your consideration of our position, and trust that when
>>>> all the facts are reviewed, a compromise can indeed be reached that is
>>>> equitable and will leave all of us happy to move ahead with our important
>>>> work.
>>>>
>>>>
>>>> I am available for any questions you may have in this matter:
>>>> 323-869-8120.
>>>>
>>>>
>>>> Thanks, again, for agreeing to resolve this issue.
>>>>
>>>>
>>>>  *Below is the historical record of the discussions that took place
>>>> prior to the Global SoCal AppSec:*
>>>>
>>>>
>>>> From: *Kate Hartmann* <kate.hartmann at owasp.org>
>>>> Date: Mon, Mar 22, 2010 at 12:37 PM
>>>> Subject: RE: [AppSec USA 2010] Trainer Split
>>>> To: Tin Zaw <tin.zaw at owasp.org>
>>>> Cc: Neil Matatall <neil at owasp.org>, Cassio Goldschmidt <
>>>> cassio at owasp.org>
>>>>
>>>> Yes, you are correct.  Remember, however, that the annual AppSec
>>>> conferences are one of the greatest sources of income for the foundation, so
>>>> the budget and expenses need to be monitored closely.  The expectation for
>>>> the US AppSec revenue would be in the neighborhood of $100K.
>>>>
>>>>
>>>>
>>>> Kate Hartmann
>>>>
>>>> OWASP Operations Director
>>>>
>>>> 9175 Guilford Road
>>>>
>>>> Suite 300
>>>>
>>>> Columbia, MD  21046
>>>>
>>>>
>>>>
>>>> 301-275-9403
>>>>
>>>> kate.hartmann at owasp.org
>>>>
>>>> Skype:  kate.hartmann1
>>>>
>>>>
>>>>
>>>> *From:* Tin Zaw [mailto:tin.zaw at owasp.org]
>>>> *Sent:* Monday, March 22, 2010 3:36 PM
>>>> *To:* Kate Hartmann
>>>> *Cc:* Neil Matatall; Cassio Goldschmidt
>>>> *Subject:* Re: [AppSec USA 2010] Trainer Split
>>>>
>>>>
>>>>
>>>> Thanks Kate.
>>>>
>>>>
>>>>
>>>> I assume 40/60 split is of revenue (what we charge to students) for
>>>> training. 40% goes to trainer, and 60% goes to conference revenue (or gross
>>>> income) right?
>>>>
>>>>
>>>>
>>>> What is the split of proceeds (net income/profit) from all 4 days? I
>>>> believe it is 25/75 (25% goes to local chapter(s) and 75% goes to OWASP
>>>> Foundation). Please confirm.
>>>>
>>>>
>>>>
>>>> Thanks.
>>>>
>>>> On Mon, Mar 22, 2010 at 11:44 AM, Kate Hartmann <
>>>> kate.hartmann at owasp.org> wrote:
>>>>
>>>> The conferences committee recommends a 40/60 split (trainer/owasp)
>>>>
>>>>
>>>>
>>>> Kate Hartmann
>>>>
>>>> OWASP Operations Director
>>>>
>>>> 9175 Guilford Road
>>>>
>>>> Suite 300
>>>>
>>>> Columbia, MD  21046
>>>>
>>>>
>>>>
>>>> 301-275-9403
>>>>
>>>> kate.hartmann at owasp.org
>>>>
>>>> Skype:  kate.hartmann1
>>>>
>>>>
>>>>
>>>> *From:* pc_appsec_us_2010-bounces at lists.owasp.org [mailto:
>>>> pc_appsec_us_2010-bounces at lists.owasp.org] *On Behalf Of *Neil Matatall
>>>> *Sent:* Friday, March 19, 2010 12:45 PM
>>>> *To:* pc_appsec_us_2010 at lists.owasp.org
>>>> *Subject:* [AppSec USA 2010] Trainer Split
>>>>
>>>>
>>>>
>>>> Can someone remind me what the split is for trainers?  75/25
>>>> owasp/trainer?
>>>>
>>>>
>>>> Neil
>>>>
>>>>
>>>>
>>>> On Fri, Mar 18, 2011 at 10:10 AM, Richard Greenberg <
>>>> richard.greenberg at owasp.org> wrote:
>>>>
>>>> On behalf of the OC and LA OWASP Chapters, thank you all for considering
>>>> our Chapters' position on this sensitive matter. We will discuss and send
>>>> you some guidance to assist you in objectively evaluating this situation and
>>>> coming up with an equitable and responsible resolution.
>>>>
>>>>
>>>>
>>>> On Fri, Mar 18, 2011 at 9:01 AM, Mark Bristow <mark.bristow at owasp.org>
>>>> wrote:
>>>>
>>>> Richard, Neil, Cassio and Tin,
>>>>
>>>> Richard has recently brought to our attention that you all feel that the
>>>> GCC profit sharing split was inappropriately applied to AppSecUSA 2010.  It
>>>> is the responsibility of the Global Conference Committee to adjudicate these
>>>> types of cases and as such I've started an inquiry based on the board
>>>> inquiry process.  As Richard, Neil and Cassio were intimately involved with
>>>> this event and have a conflict of interest as defined in the GCC
>>>> Governance policy<http://www.owasp.org/index.php/Global_Conferences_Committee_Governance#Conflict_of_Interest>,
>>>> I've recused them from the discussions related to this inquiry so that they
>>>> may be free to fully present their case from the position of AppSec USA 2010
>>>> event planners and chapter leaders.  The remaining GCC members will take
>>>> this matter into consideration and discuss it early next week.  We will come
>>>> to a resolution and provide it to the board for final approval (as it
>>>> involves a substantial amount of OWASP foundation funds).  Once this is
>>>> complete I will put the inquiry information and decision rational on the
>>>> wiki as well as how the committee voted on the matter and will encourage the
>>>> board to do the same.
>>>>
>>>> At issue here is the application of the GCC "Profit Sharing Policy<http://www.owasp.org/index.php/Global_Conferences_Committee#tab=Committee_Policies>"
>>>> in which the local host chapters of Global AppSec events receive "25% of
>>>> event profits with a $5,000 USD cap ($10,000 for multi-chapter events)".
>>>> It's our understanding that you are contending that you were under the
>>>> impression that the split would be provided at the rate of 25% of profits to
>>>> the local with no cap.  According to the foundation's records, AppSecUSA
>>>> 2010 made a profit of $96,449.92 and $10,000 has already been provided to
>>>> the LA and OC Chapters.  Your position is that the chapters should be
>>>> allocated an additional $14,112.48 (25% of $96,449.92 - $10,000 which was
>>>> already dispatched) for a total of $24,112.48 to be split by your chapters.
>>>>
>>>> The committee would like to get the following from the AppSec USA
>>>> planners in order to render a decision on this issue.
>>>>
>>>>    1. A statement outlining your position of why you feel the policy
>>>>    was improperly applied
>>>>    2. As we understand it you feel that you were told that the 25% w/
>>>>    no cap was the policy and was agreed to, we'd like to know more about how
>>>>    this came to be.
>>>>    3. A copy of your internal AppSecUSA budget (as it stands, need not
>>>>    be a heavy lift) for comparison to the foundation records
>>>>    4. If you'd like to also describe how your chapters plan to use the
>>>>    additional funds, your welcome to do that also, although not strictly a
>>>>    conference issue, some of the committee have asked for this information if
>>>>    you'd like to provide it.
>>>>
>>>> We'd appreciate a reply by noon Monday if possible.  However if you need
>>>> more time, that's fine, wer're just trying to be expeditious and get this
>>>> resolved.  As described and as it represents a reasonably substantial
>>>> portion (about 16%) of the OWASP annual operations budget we will also have
>>>> to have the board weigh in on this.  However at the summit the board
>>>> indicated that they'd like to have the committees debate it out first and
>>>> present their conclusions to the board for review.
>>>>
>>>> Regards,
>>>> The Global Conferences Committee
>>>>
>>>> --
>>>> Mark Bristow
>>>> (703) 596-5175 <%28703%29%20596-5175>
>>>> mark.bristow at owasp.org
>>>>
>>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>>> AppSec DC Organizer - https://www.appsecdc.org
>>>>
>>>>
>>>>
>>>> --
>>>> Richard Greenberg, CISSP
>>>> Board of Directors, OWASP Los Angeles, www.owaspla.org<http://www.appsecusa.org/>
>>>> Board of Directors, ISSA Los Angeles, www.issa-la.org<http://www.appsecusa.org/>
>>>> OWASP Global Conference Committee
>>>> LinkedIn:  http://www.linkedin.com/in/richardagreenberg
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Mark Bristow
>>> (703) 596-5175
>>> mark.bristow at owasp.org
>>>
>>> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
>>> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
>>> AppSec DC Organizer - https://www.appsecdc.org
>>>
>>>
>>
>>
>> --
>> Eoin Keary
>> OWASP Global Board Member
>> OWASP Code Review Guide Lead Author
>>
>> Sent from my i-Transmogrifier
>> http://asg.ie/
>> https://twitter.com/EoinKeary
>>
>
>
>
> --
> Mark Bristow
> (703) 596-5175
> mark.bristow at owasp.org
>
> OWASP Global Conferences Committee Chair - http://is.gd/5MTvF
> OWASP DC Chapter Co-Chair - http://is.gd/5MTwu
> AppSec DC Organizer - https://www.appsecdc.org
>
>


-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20110322/82eb723a/attachment-0002.html>


More information about the Owasp-board mailing list